
5116 matches found

UbuntuCve
added 2013/06/25 12:0 a.m., 30 views

CVE-2013-1695

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...

CVSS 5 | AI score 7.2 | EPSS 0.02651
Exploits: 0 | References: 3

Mozilla
added 2013/06/25 12:0 a.m., 61 views

getUserMedia permission dialog incorrectly displays location — Mozilla

Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions...

CVSS 4.3 | AI score 5.8 | EPSS 0.01486
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2013/06/23 12:0 a.m., 32 views

WHMCS CSRF All Versions Vulnerability

Exploit for php platform in category web applications Exploit Title: WHMCS CSRF All Versions 0day Team: MaDLeeTs Software Link: http://www.whmcs.com Version: All Site: http://www.MaDLeeTs.com Email: email protected Video http://vimeo.com/63686629 https://TARGETS...

AI score 7.1
Exploits: 0

UbuntuCve
added 2013/06/05 2:39 p.m., 19 views

CVE-2013-1012

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

CVSS 4.3 | AI score 6 | EPSS 0.01771
Exploits: 0 | References: 3

Prion
added 2013/06/05 2:39 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

CVSS 4.3 | AI score 5.6 | EPSS 0.01771
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2013/06/05 2:39 p.m., 2 views

UBUNTU-CVE-2013-1012

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

CVSS 4.3 | AI score 5.9 | EPSS 0.01771
Exploits: 0 | References: 4

Cvelist
added 2013/06/05 10:0 a.m., 20 views

CVE-2013-1012

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

AI score 5.2 | EPSS 0.01771
Exploits: 0 | References: 5

Packet Storm
added 2013/06/04 12:0 a.m., 26 views

Cisco Iframe Injection

Dear Support, I have found iframe injection on newsroom.cisco.com. Affected URL: http://newsroom.cisco.com/blair-christie?articleId=%27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in%22%20width=%221000%22%20height=%221000%22%3E/ Below are the description for the same. IFrame Injection: Using...

AI score 7.4
Exploits: 0

0day.today
added 2013/05/18 12:0 a.m., 32 views

CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Persistent XSS in wysiwyg CKEditor + Disclosure and Fix: This was disclosed to Drupal on 20/01/13, and was fixed with the release of ckeditor 4.1...

AI score 7.1
Exploits: 0

Exploit DB
added 2013/05/17 12:0 a.m., 24 views

Drupal Module CKEditor < 4.1 WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting

Exploit Title: Persistent XSS in wysiwyg CKEditor + Disclosure and Fix: This was disclosed to Drupal on 20/01/13, and was fixed with the release of ckeditor 4.1 21/03/13...

AI score 7.4
Exploits: 0

ThreatPost
added 2013/05/09 12:4 p.m., 79 views

Microsoft Fix It a Temporary Patch for IE 8 Zero Day Flaw

Microsoft has released a Fix-It to address an Internet Explorer 8 zero-day that was exploited in a watering hole attack against the U.S. Department of Labor website last week. The Fix It is a temporary mitigation until a patch is released. Microsoft’s next scheduled Patch Tuesday security updates...

CVSS 9.3 | AI score 0.3 | EPSS 0.99945
Exploits: 44 | References: 8

Tenable Nessus
added 2013/04/20 12:0 a.m., 32 views

Mandriva Linux Security Advisory : otrs (MDVSA-2013:112)

Updated otrs package fixes security vulnerabilities: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allo...

CVSS 4.3 | AI score 6.9 | EPSS 0.06346
Exploits: 5 | References: 3

ThreatPost
added 2013/04/18 11:11 a.m., 83 views

Move Over Conficker, Web Threats are Top Enterprise Risk

Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is...

CVSS 9.3 | EPSS 0.99945
Exploits: 33 | References: 5

0day.today
added 2013/04/02 12:0 a.m., 27 views

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...

AI score 7.1
Exploits: 0

Packet Storm
added 2013/04/01 12:0 a.m., 30 views

WordPress FuneralPress 1.1.6 Cross Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...

AI score 7.4
Exploits: 0

Packet Storm
added 2013/03/19 12:0 a.m., 28 views

ViewGit 0.0.6 Cross Site Scripting

Vulnerability Report Author: Matthew R. Bucci Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit "is a git web repository viewer that aims to be easy to set up and upgrade, light on dependencies, and comfortable to use."...

CVSS 3.7 | AI score 0.3 | EPSS 0.03955
Exploits: 6

OSV
added 2013/02/02 8:55 p.m., 1 views

DEBIAN-CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS 5.1 | AI score 9.1 | EPSS 0.03248
Exploits: 0 | References: 1

ATTACKERKB
added 2013/02/02 8:55 p.m., 0 views

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS 5.1 | AI score 5.6 | EPSS 0.03248
Exploits: 0 | References: 13

UbuntuCve
added 2013/02/02 12:0 a.m., 28 views

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS 5.1 | AI score 6.8 | EPSS 0.03248
Exploits: 0 | References: 2

OpenVAS
added 2013/02/02 12:0 a.m., 22 views

Debian Security Advisory DSA 2617-1 (samba - several issues)

Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. CVE-2013-0213: Clickjacking issue in SWAT An attacker can integrate a SWAT page into a...

CVSS 5.1 | EPSS 0.03248
Exploits: 0 | References: 1